Electron

As much as I don't care for the change to Electron, I absolutely trust that the AgileBits folks are trying their best to build secure software. I have my doubts, about how secure electron can be made, but that is different than them not caring or doing something malicious.

@privateuser - I'm sorry to hear you say this. We care very much about security here, and in fact our security model is based explicitly off not asking you to simply accept a pinky-swear that we're secure. We don't want you to have to trust us. We want to architect a solution that means you won't have to. That can still be done with cloud sync.

The entire architecture of 1Password - from AES-256, end-to-end encryption, on to the Electron hardening in 1Password 8 - is intended to provide security without sacrificing privacy.

We do serious security audits as well:

https://support.1password.com/security-assessments/

since there is no way of proving they're not tempering with you data server side

Respectfully, there's no way for us to do this, because the model we've established doesn't allow it. We never have your account password or Secret Key, so we can't do the calculations necessary to decrypt your data. How could we? It's just not mathematically doable.

We also collect minimal information on our customers, as detailed here:

https://support.1password.com/1password-privacy/

Whatever your criticisms of our approach, I hope you'll choose to engage with what we're actually doing. It's hard for us to respond to criticisms of things that are neither our practice nor intent.

1P_PeterG

With all due respect, you haven't unequivocally proven that Agilebits employees aren't astroturfing here. I agree with you that the accusations may not be fair or are "uncool," but you can't necessarily prove they are "false." I'll refrain from this, but ask that you treat feedback from your users equitably, as I have seen some users here be censored when providing critical and reasonable feedback.

cryptochrome -- local Bill Nye the security expert guy. You have such a big talk on how security matters more than the looks (arguably AgileBits offred both before 1P8). But you're basically relying on a proprietary password manager with all of your accounts, including those the leakage of which can literally completely ruin your life. You're relying on a company that pinky promises to keep your data safe. Also, decision to use Electron framework instead of native solutions is a huge red flag. If you were to really care about security, you'd be using either pass (cli), KeePass, or Bitwarden (self-hosted since there is no way of proving they're not tempering with you data server side). All of those is free software -- open source, no trust in 3rd party, reliable, and you can make it as secure as you possibly can. But you will not use those truly secure solutions, instead you will use 1P because you choose convenience over security.

So let's get over with your "looks over functionality" argument because it's so full of $h!t.

How can you actually be mad at people not enjoying running web apps? Mac users are in constant hunt for quality Mac software because they're tired of running Windows apps on MacOS. The app is complete garbage, but hey tHe FeAtuREs!

@FCNV:

@ synacsyn

Ask me how I know you work for Agilebits.

I know that you are frustrated. But we at Agilebits have clearly marked our identities when posting on Forums and Reddit. We are not using sockpuppet accounts or anything of the kind. Please do not accuse us - or in this case, other 1Password customers - of astroturfing here. This is uncool. More importantly, it is false. It's also hurtful to the open discussion we try to encourage in this space.

cryptochrome

It isn't an insult to call a silly assertion "silly," it simply means that it is not credible and no evidence has been put forth to support it. Throwing around the term "outraged" without any semblance of support is reckless and only making these discussions seem more fueled. For you to read something in plain text and assume you know the emotional state or intent of the commenter is irresponsible. Also, I am not an American citizen and feel your asking is inappropriate and irrelevant to this discussion.

As far as the feedback about the level of polish on the app's UX, I haven't seen anybody here assert they believe this is the final product. They are simply pointing out things they do not like with the hope that Agilebits will address them. Not expressing that feedback defeats the whole purpose of public alphas.

@privateUser

Ah yes, yes...security.

There is a lot more to 1P than an Electron frontend. The underlying security is the best in the business (read this) and Electron won't change that. Most of what's going on under the hood of v8 is written in Rust. Electron just brings it to the surface.

@FCNV

I would really appreciate if you could refrain from getting into insult territory and not call my assertions "silly". You may not agree with my stance, but that shouldn't be a reason to start acting like a 6 year old. I hope we can agree at least on that.

I think a lot of the people complaining that it doesn't feel native are mostly complaining that it feels slow and sluggish with the things I mentioned.

Which - again - is to be expected from an early alpha version. If you expect polished, optimized code, wait for the final release and don't use alphas. It's completely unreasonable and way over the top to complain about that at this stage.

Lastly, I won't bite on your bizarre quip about "outrage" as it seems politically charged and inappropriate for this discussion.

So the word "outrage" is "politically charged"? Are you US American, by chance? No offense, just wondering. In the world I live in, nothing about this word is politically charged. It describes the state of mind of people that are upset over something, to the point where they are no longer reasonable and make insults (which happened, in some of these threads).

I think people here need to take a step back and breathe.

cryptochrome I was referring to the decision to use Electron as opposed to keeping the app native. Also, it's not an either-or choice between design and security. 1Password 7 was a secure product with good design. That's what I love about it!

The Safari extension issue is, unfortunately, an issue with Safari 14, one we can't fix.

A company I recently worked for (with 50,000-100,000 employees) is still not allowing their employees to install macOS Big Sur (they run Catalina).

It will take a while for them to use Safari 15. You might be loosing some customers there...